Gov't Secrecy and the Mysterious Cyber Initiative

The secrecy surrounding the Bush administration's updated National Cyber Security Initiative -- designed to improve the government's digital defenses and put forth an offensive information warfare doctrine -- is endangering the deterrent value of the project and appears to be aimed chiefly at supporting spying operations abroad, a key U.S. Senate committee concludes in a new report.

The Senate Armed Services Committee said a major thrust of the initiative was to inform our adversaries as to the range of potential consequences of a cyber attack on U.S. strategic or national assets. But so far only three of the 18 goals spelled out in the cyber initiative have been discussed publicly; the rest remain classified.

"It is difficult to conceive how the United States could promulgate a meaningful deterrence doctrine if every aspect of our capabilities and operational concepts is classified," the committee's report said. "In the era of superpower nuclear competition, while neither side disclosed weapons designs, everyone understood the effects of nuclear weapons, how they would be delivered, and the circumstances under which they would be used. Indeed, deterrence was not possible without letting friends and adversaries alike know what capabilities we possessed and the price that adversaries would pay in a real conflict. Some analogous level of disclosure is necessary in the cyber domain."

The report comes two weeks after the Senate Homeland Security Committee demanded more details about the plan from the Department of Homeland Security.

The Armed Services Committee also concluded that some major elements of the cyber initiative are not solely or even primarily intended to support the cyber security mission, but instead appear geared toward beefing up foreign intelligence collection and analysis.

"If these elements were properly defined, the President's cyber security initiative would be seen as substantially more modest than it now appears," the committee's report reads. "That is not to say that the proposed projects are not worthwhile, but rather that what will be achieved for the more than $17.0 billion planned by the administration to secure the government's networks is less than what might be expected."

"We've never looked at how all the unique things this government wages against others could be used to inform our defensive posture," said the official, who asked not to be named because the White House has not yet released details about the plan. "We really need to move from [the reality that] the advantage is always with the attacker to how we can have our offense better inform our defense to shrink that gap."

The White House was expected to reveal more details about the cyber initiative following the release last week of new government-wide policies for standardizing the secrecy levels assigned to various government documents.

The Bush administration released the new classification guidelines last Friday. The guidelines are aimed at untangling the tortured terms various agencies use to label documents that are unclassified but for one reason or another deemed not for public consumption. According to American University's Collaboration on Government Secrecy project, federal agencies have devised more than 120 different unique labels, including such vague gems as "limited access," "eyes only," "administratively restricted," and "continued control."

But secrecy experts say that while the guidelines may help standardize the labeling of unclassified documents, they will do little to decrease the amount of government paperwork that never sees the light of day.

"The policy is a necessary step because the number of individualized [labels] got out of hand a long time ago," said Steven Aftergood, director of the project on government secrecy at the Federation of American Scientists. "But as policy, it is not even half-baked. It needs further development, and given that it's predicated on a five-year implementation timeline, it will probably need to be revisited and revised by the next administration."

Aftergood said the new policy includes a few howlers, such as Paragraph 17, which states that the "controlled unclassified information markings shall be used regardless of the medium through which the information appears or conveys. Oral communications should be prefaced with a statement describing the controls when necessary to ensure that recipients are aware of the information's status."

"That means that any conversation that any government employees might have concerning controlled unclassified information should begin with a statement concerning its restricted status," Aftergood said. "That's just laughable."